
Guess the old "total cost of ownership" anti-Linux FUD slides from Microsoft from back in the day need an update. It's been a while since I read that stuff but I doubt they included "expensive paid-for security fixes after product EOL" on their side.

Pretty bizarre situation though. Why did the Navy not migrate? It's not like the EOL of WinXP was the Spanish Inquisition.



Consider driver support. What do you do when the company that makes the driver is out of business and the engineers are dead?

At work we have a 300,000 USD spectrum analyzer driven by Win2k.


I'd think that for $300K you could have demanded an API. Perhaps on the next one?


I'm speculating here, but from my experience with Windows powered oscilloscopes: Windows is on the measurement device, it's not a networked or USB controlled peripheral with a documented network protocol connected to a standalone PC. When you open up "Device Manager" you'll see a bunch of specialized USB and PCI/PCIe peripherals that make up the actual measurement function and user-interface.

So the company selling the spectrum analyzer would have to publish quite a lot of their internal documentation regarding hardware registers for the data acquisition boards, and they'll be reluctant to do this: Much of a modern measurement equipment's functionality is inside the data processing, and by documenting the interfaces it would make it possible/easier to reverse-engineer or extend (without paying for options) the functionality.


If the buyers were to stick together and only buy from suppliers who allow access to modify and redistribute the source code of these devices, perhaps they could create incentives for the devices to function with newer software.

Why would the navy pay for support if the computers on xp were airgapped? The only reasonable conclusion is that these computers are on the network accessible from outside.


Consider that the US was able to attack air-gapped computers in Iran and destroy industrial equipment. Air gaps can be breached, it's just a little harder.


> I'd think that for $300K you could have demanded an API. Perhaps on the next one?

"Why certainly, sir! We can provide that for only $EQUIPMENT_COST * 10. Do you prefer floppies or a CDROM?"

I wish I was joking.


Or terms that said the operating system should keep pace with update availability.


Terms won't necessarily help if the vendor goes out of business.


I doubt they included it on either side. How many Linux vendors still offer security updates for distributions from 2001, at any price?

As others have pointed out, paying for support is likely much cheaper and less disruptive than developing, re-testing and re-verifying new versions of their systems. "If it ain't broke, don't fix it." I'd imagine when they do eventually migrate they'll try to stay on the new systems for as long as possible, as well.


I'm sure Red Hat would welcome a defense contract that pays over a decade. They might even have a couple already.


And you would really want Red Hat, a company and system notoriously known for being bad at security? (check Bradley Spengler vs Red Hat)


I almost fully agree with you. But... when looking at broader spectrum (Unix+Linux), I was tasked recently with migration of some sort of legacy app suite from AIX to Linux. Part of this were Bash+Perl scripts for various document modifications for printing purposes. What a clusterfk those scripts were...

I am (still) no expert, and Java developer on top, so working with these in vim/ultraedit was a bit nightmarish compared to what even basic Eclipse can offer you for debugging in Java. But the worst issues were bash commands that compared to AIX had a different syntax, and they for example ignored some parameters, or some params had different meaning... Bear in mind I was not in position to pick up which version of bash, perl etc gets installed where.


Any idea what the WinXP machines are being used for? If it is a key part of running a ship, it may cause a flow-on effect to changing other parts of the ship, kinda like a refit. However, I guess that there is more in their operation than just running ships.

I believe the phrase "if it isn't broken, don't fix it" is at play here.


XP was almighty popular for any sort of scientific instrumentation, in no small part because of its good compatibility with Windows 9x (!). Manufacturers of advanced equipment tend to worry about small things like Proper Science rather than OS versions and other hipster stuff, and they're often small companies, so they historically tend to go Minimum Effort Required when it comes to interfacing with computers. They're also very worried about performance, so they have to go low-level, increasing the likelihood of incompatibilities with the latest and greatest and reducing maintainability in general.

A lot of drivers were developed back in the '90s and just tweaked for compatibility when absolutely necessary. Long-term compatibility is also why that world tends to favour Microsoft, that's one thing Redmond really cares about.


Libre software and the associated freedoms aren't (or shouldn't be, at least!) "hipster stuff"! They are also in no way in conflict with Proper Science. One might almost argue that with regards to reproducibility of results, Proper Science demands a certain amount of Freedom.


If you still have scientific equipment running Red Hat 6.2, you're not a lot better off.


If it's Libre (which I suspect RH isn't — but I am no expert) then all the source code should be available, and presumably you could hack the drivers (or whatever) to work with whatever new-and-improved hardware/software you want to run. That's kind of the point of Libre.

But perhaps I'm missing your point about RH?


Read my post again: most manufacturers have no time for this sort of diatribe, and most users have no time or inclination to "hack the drivers" -- especially in rigid "efficiency-first" organisations like the military.


Still, if the choice is between

a) throw away a $300,000 piece of equipment for lack of drivers, assuming the company producing it has disappeared without all trace

or

b) spending less than $300,000 on employee time to make it work again

then to me case b sounds preferable, even in efficiency-first organisations. The military, I don't know. All I'm saying is that b wouldn't even be feasible without stuff being Libre, so diatribe or not, it actually would benefit public, private and commercial users' interests.

Anyway, probably I'm too optimistic about things.


>that's one thing Redmond really cares about

Then why is the Navy on XP?

>other hipster stuff

I've heard security called many things, but I think this is the first time I've heard of it referred to as 'hipster stuff'.


> Then why is the Navy on XP?

Because it's likely that a lot of their equipment was actually developed for Win95/98/2000 or even DOS.

> I've heard security called many things, but I think this is the first time I've heard of it referred to as 'hipster stuff'.

It was tongue-in-cheek, but what I meant is that most people don't upgrade their OS for fun (or for security) -- they do it only when forced by external pressure. Dunno about you, but I'd rather have nuclear submarines running on well-known and (literally) battle-tested software, screw smooth animations and glassy windows.


If you don’t interface with external systems, and your computer has no IO ports open to its users, well, then it doesn't matter. You could run DOS 6.2 and it would work just as well, security is not an issue there.


Usually it's important tasks that are difficult and expensive to retrofit.

I had a customer who to this day has a distributed system running Windows NT4 on Alpha for a critical business system. It was cheaper to set up a dedicated network than to deal with the application. IIRC, they now have a 5 year project to replace it that is just starting.


We have a few machines that are controlled by software that only runs on NT4. They've been air-gapped and run on their own domain for security reasons, but we can't get rid of them without spending millions on new machines (this is a high-tech manufacturing environment). The vendor of the current machines no longer exists and in those days we never thought to include software escrow in contract negotiations ... not that we'd have the gumption to attempt updating industrial machine controllers ourselves anyway, but still.


Applications for specialised hardware reading between the lines of the OA. That means getting the suppliers of the original hardware to rewrite the applications to work with later versions of the OS and that might take time.


> Why did the Navy not migrate

It's entirely possible that $30m is cheaper than the cost to do a real migration more quickly.



